Module 13 Where Data is Stored
Exam Objective 4.3 Where Data is Stored
Objective Description
Where various types of information are stored on a Linux system.
Introduction
FHS and Processes
● A typical Linux system has thousands of files. The Filesystem Hierarchy Standard (FHS) provides a guideline for distributions on how to organize these files.
● The Linux kernel is the core of the GNU/Linux operating system. It is important to understand the role of the Linux kernel and how it both processes and provides information about the system.
● Learn how to view running processes with the ps, top and other commands.
● Discussion of how the system records or logs messages.
Linux Kernel Processes
Kernel Processes
● A key function of the Linux kernel is to manage processes.
● The kernel accepts commands and manages processes that carry out those commands.
● The kernel gives commands access to devices like memory, disks, network interfaces, keyboards, mice, monitors and more.
● The kernel also provides access to information about active processes through a pseudo filesystem that is visible under the /proc directory. Other pseudo filesystems include /dev and /sys, which give information about hardware devices.
● Pseudo filesystems appear to hold real files on disk, but exist only in memory.
The /proc Directory
● The /proc directory not only contains information about processes (as the name “proc” suggests), but also provides information about system hardware and the current kernel configuration.
● The output shows a variety of named and numbered directories:
sysadmin@localhost:~$ ls /proc
1    cpuinfo    irq        modules  sys
128  crypto     kallsyms   mounts   sysrq-trigger
17   devices    kcore      mtrr     sysvipc
21   diskstats  key-users  net      thread-self
● Some of the commands that read from /proc include: top, free, mount, umount.
● There are also important regular files in the /proc directory such as:
  ○ /proc/cmdline – Contains information passed to the kernel during boot
  ○ /proc/meminfo – Contains information about kernel memory usage
  ○ /proc/modules – Contains a list of modules loaded into the kernel
Process Hierarchy
● When the kernel finishes loading during boot, it starts the init process and assigns it a PID of 1.
● This process then starts other system processes and assigns a PID in sequential order.
● When one process starts another process, the first process is called a parent process. The second process is called a child process.
● Processes can be mapped into a “tree” which can be viewed with the pstree command.
sysadmin@localhost:~$ pstree
init-+-cron
     |-login---bash---pstree
     |-named---18*[{named}]
     |-rsyslogd---2*[{rsyslogd}]
     `-sshd
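The parent/child relationships described above can be read directly from the per-process status files under /proc, which is where ps and pstree get them. The shell functions below are an added example, not part of the original module; the function names and the sample directory (including its PIDs and process names) are constructed for illustration.

```shell
#!/bin/sh
# Added example: rebuild a pstree-style view from a /proc-style directory (ROOT).

# Print one field (e.g. Name or PPid) from ROOT/PID/status.
# Only the first word is returned, so names containing spaces are cut short.
proc_field() {  # usage: proc_field ROOT PID FIELD
    awk -v f="$3:" '$1 == f { print $2; exit }' "$1/$2/status" 2>/dev/null
}

# Print the PIDs under ROOT whose parent (PPid) is PID, in numeric order.
proc_children() {  # usage: proc_children ROOT PID
    for d in "$1"/[0-9]*; do
        [ -r "$d/status" ] || continue   # process exited or is not readable
        pid=${d##*/}
        if [ "$(proc_field "$1" "$pid" PPid)" = "$2" ]; then echo "$pid"; fi
    done | sort -n
}

# Print PID and its descendants, indented by depth. The body is a subshell
# ( ... ) so each level of recursion keeps its own variables.
proc_tree() (  # usage: proc_tree ROOT PID [INDENT]
    root=$1 pid=$2 indent=$3
    printf '%s%s(%s)\n' "$indent" "$(proc_field "$root" "$pid" Name)" "$pid"
    for child in $(proc_children "$root" "$pid"); do
        proc_tree "$root" "$child" "$indent  "
    done
)

# Constructed sample: "PID PPID NAME" rows written as minimal status files.
make_sample_proc() {  # usage: make_sample_proc DIR
    while read -r pid ppid name; do
        mkdir -p "$1/$pid"
        printf 'Name:\t%s\nPid:\t%s\nPPid:\t%s\n' "$name" "$pid" "$ppid" \
            > "$1/$pid/status"
    done <<EOF
1 0 init
17 1 rsyslogd
21 1 sshd
60 1 login
61 60 bash
128 61 pstree
EOF
}

sample=$(mktemp -d)
make_sample_proc "$sample"
proc_tree "$sample" 1        # on a live system: proc_tree /proc 1
rm -rf "$sample"
```

A process whose parent is not the one expected (for example a shell whose PPid is a network daemon) stands out immediately in this view, which is why parent/child lineage is a common starting point when reviewing what is running on a host.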
Viewing Process Snapshot
● Another way of viewing processes is with the ps command.
● By default, ps will only show running processes.
● The ps command can also be used with the head and grep commands to filter processes displayed:
sysadmin@localhost:~$ ps -e | grep firefox
6090 pts/0 00:00:07 firefox
Viewing Processes in Real Time
● The top command has a dynamic, screen-based interface that will regularly update the output of running processes.
sysadmin@localhost:~$ top
top - 16:58:13 up 26 days, 19:15, 1 user, load average: 0.60, 0.74, 0.60
Tasks: 8 total, 1 running, 7 sleeping, 0 stopped, 0 zombie
Cpu(s): 6.0%us, 2.5%sy, 0.0%ni, 90.2%id, 0.0%wa, 1.1%hi, 0.2%si, 0.0%st
Mem: 32953528k total, 28126272k used, 4827256k free, 4136k buffers
Swap: 0k total, 0k used, 0k free, 22941192k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
    1 root      20   0 17872 2892 2640 S    0  0.0   0:00.02 init
   17 syslog    20   0  171m 2768 2392 S    0  0.0   0:00.20 rsyslogd
Viewing Memory
● To view a snapshot of the memory used at that moment, use the free command:
sysadmin@localhost:~$ free
             total       used       free     shared    buffers     cached
Mem:      32953528   26171772    6781756          0       4136   22660364
-/+ buffers/cache:    3507272   29446256
Swap:            0          0          0
  ○ The output above explained:
    ■ Mem: is the statistics for physical memory on the system
    ■ -/+ buffers/cache: is the physical memory minus memory used by the kernel
    ■ Swap: is virtual memory
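The rows of the free output above can be derived from the counters in /proc/meminfo. The following shell functions are an added example, not part of the original module: they reproduce the calculation used by the older free layout that prints a "-/+ buffers/cache" row, using a constructed meminfo excerpt filled in with the figures shown above. The function names are made up for this illustration.

```shell
#!/bin/sh
# Constructed /proc/meminfo excerpt; the values are the ones in the free
# output shown above (all in kB).
sample_meminfo() {
    cat <<'EOF'
MemTotal:       32953528 kB
MemFree:         6781756 kB
Buffers:            4136 kB
Cached:         22660364 kB
SwapTotal:             0 kB
SwapFree:              0 kB
EOF
}

# Print the Mem, -/+ buffers/cache and Swap rows from a meminfo-format FILE.
#   Mem used               = MemTotal - MemFree
#   -/+ buffers/cache used = Mem used - (Buffers + Cached)
#   -/+ buffers/cache free = MemFree  + (Buffers + Cached)
free_rows() {  # usage: free_rows FILE
    awk '
        { v[$1] = $2 }                      # key keeps its trailing colon
        END {
            used = v["MemTotal:"] - v["MemFree:"]
            bc   = v["Buffers:"] + v["Cached:"]
            printf "Mem: %d %d %d\n", v["MemTotal:"], used, v["MemFree:"]
            printf "-/+ buffers/cache: %d %d\n", used - bc, v["MemFree:"] + bc
            printf "Swap: %d %d %d\n", v["SwapTotal:"],
                   v["SwapTotal:"] - v["SwapFree:"], v["SwapFree:"]
        }' "$1"
}

tmp=$(mktemp)
sample_meminfo > "$tmp"
free_rows "$tmp"             # on a live system: free_rows /proc/meminfo
rm -f "$tmp"
```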
Log Files
● Processes running on a system produce output that describes what the process is doing.
● Some output goes to the terminal; other output is not seen in the terminal and is written to files as log messages (or log data) instead.
● Some processes log data by default, while others use a daemon to log data.
  ○ Examples of daemons include: syslogd, klogd, rsyslogd, journald
● Log files are placed under the /var/log directory.
● To view log files:
  ○ Use the cat or less command
  ○ Use the journalctl command
● Log files are rotated, meaning older log files are renamed and replaced with newer log files.
● Most log files contain text, which can be viewed safely with many tools. Other files such as the /var/log/btmp and /var/log/wtmp files contain binary data. Use the file command to view binary log files.
Kernel Messages
● Kernel messages can be found in the following files:
  ○ /var/log/dmesg – contains the kernel messages that were produced during system startup.
  ○ /var/log/messages – will contain kernel messages that are produced as the system is running.
● To view messages generated by the kernel, use the dmesg command. To filter the output, use a pipe with the less or grep command:
sysadmin@localhost:~$ dmesg | grep -i usb
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
Filesystem Hierarchy Standard
● Filesystem Hierarchy Standard (FHS) is a set of standards supported by the Linux Foundation.
● FHS categorizes system directories as:
  ○ Shareable / Not shareable
  ○ Static / Variable
● The FHS standard defines four hierarchies of directories used in organizing the files of the filesystem:
  ○ Top-level hierarchy: /
  ○ Second-level hierarchy: /usr
  ○ Third-level hierarchy: /usr/local
  ○ Fourth-level hierarchy: /var
Organization Within the Filesystem Hierarchy
● User and Home Directories: The /home directory will typically have a directory underneath it for each user account.
● Binary Directories: Contain the programs that users and administrators execute to start processes or applications running on the system.
  ○ Includes /bin, /usr/bin, /usr/local/bin and other non-user specific directories.
● Root Restricted Binaries: The sbin directories are primarily intended to be used by the system administrator (the root user) and include:
  ○ /sbin, /usr/sbin, and /usr/local/sbin
● Software Application Directories:
  ○ Microsoft Windows – Application files are installed in a single subdirectory under the C:\Program Files directory.
  ○ Linux – Applications may have files in multiple directories spread out throughout the Linux filesystem.
  ○ To view the list of application files, use dpkg -L packagename (Debian) and rpm -ql packagename (Red Hat).
● Library Directories: Files which contain code that is shared between multiple programs.
  ○ Commonly use the file extension .so
  ○ Examples include: /lib, /lib64, /usr/lib, /usr/lib64, /usr/local/lib
● Variable Data Directories: The /var directory and many of its subdirectories can contain data that will change frequently.
  ○ Examples include: /var/mail, /var/spool/mail, /var/spool/cups